mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Fix incorrect error checking in php_openssl_set_server_dh_param()
SSL_CTX_set_tmp_dh() and SSL_CTX_set0_tmp_dh_pkey() return 1 on success and 0 on error. But only < 0 was checked which means that errors were never caught. Closes GH-10705.
This commit is contained in:
parent
eb7bb3430b
commit
b09be29ac1
3
NEWS
3
NEWS
@ -54,6 +54,9 @@ PHP NEWS
|
||||
- Opcache:
|
||||
. Fix incorrect page_size check. (nielsdos)
|
||||
|
||||
- OpenSSL:
|
||||
. Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)
|
||||
|
||||
- PDO OCI:
|
||||
. Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
|
||||
(Michael Voříšek)
|
||||
|
@ -1222,7 +1222,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) < 0) {
|
||||
if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) == 0) {
|
||||
php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
|
||||
EVP_PKEY_free(pkey);
|
||||
return FAILURE;
|
||||
@ -1236,7 +1236,7 @@ static int php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /*
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
if (SSL_CTX_set_tmp_dh(ctx, dh) < 0) {
|
||||
if (SSL_CTX_set_tmp_dh(ctx, dh) == 0) {
|
||||
php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
|
||||
DH_free(dh);
|
||||
return FAILURE;
|
||||
@ -1305,7 +1305,10 @@ static int php_openssl_set_server_specific_opts(php_stream *stream, SSL_CTX *ctx
|
||||
php_error_docref(NULL, E_WARNING, "rsa_key_size context option has been removed");
|
||||
}
|
||||
|
||||
php_openssl_set_server_dh_param(stream, ctx);
|
||||
if (php_openssl_set_server_dh_param(stream, ctx) == FAILURE) {
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
|
||||
if (zv == NULL || zend_is_true(zv)) {
|
||||
ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
|
||||
|
Loading…
Reference in New Issue
Block a user